On Tue, Nov 16, 2021 at 10:16:38PM +0100, Bastian Blank wrote:
> Hi folks
>
> We like to do a global change to the way the network is setup on the new
> AWS accounts. The goal is to reduce the amount of global IPv4 addresses
> to a minimum, as those are an increasingly rare commodity nowadays.
>
> We will
> - use NAT gateways for all outgoing IPv4 traffic, and
> - allow use of IPv4 via load balancers for some kinds of traffic.
>
> This means for you as a user that
> - IPv6 will work in either direction and can be used to access instances
>   at will (subject of security groups of course),
> - IPv4 outgoing will work and all instances use the same address to the
>   outside,

For ci, we are working with the security team on testing embargoed
security updates, and for that we need a unique IP address, because it
will be added to an ACL on the security repository side. I would like
the central server to have its unique public IPv4 address for this.

> - IPv4 incoming will _not_ work with a public IP assigned to an
>   instance, and
> - IPv4-only or (better) dual-stack network load balancers can be used
>   for stuff like HTTP access for users.

This means that all incoming HTTP access has to go through the admins
first. Is there a way to do this without creating a bottleneck or a
SPoF?